FCC plan to prevent wireless interference could have unintended consequences.

Share this story

The Federal Communications Commission is considering new restrictions that would make it harder for users to modify Wi-Fi routers, sparking controversy and an apparent misunderstanding over the FCC’s intentions.

The FCC's stated goal is to make sure routers and other devices only operate within their licensed parameters. Manufacturers release products that are certified to operate at particular frequencies, types of modulation, and power levels but which may actually be capable of operating outside of what they’ve been certified and tested to do.

Further Reading

The extra capabilities can sometimes be unlocked through software updates issued by the manufacturer, or by software made by third parties. Lots of users install open source firmware on routers to get a better user interface and better functionality than what is provided by the vendor, and the wording of the FCC’s proposal has some worried that such software will effectively be outlawed.

The FCC’s proposals would ideally prevent interference in wireless networks while not infringing upon the rights of users, and the FCC says making third-party router firmware illegal is not the intention.

A proposed rulemaking was issued July 21, kicking off a public comment period, whose deadline has already been extended from September 8 to October 9 because groups including the Consumer Electronics Association said they needed more time to study the issue. The rules would apply not just to routers but also to smartphones and other devices with radios enabling either cellular or Wi-Fi transmissions.

Unintended consequences?

The FCC's proposed requirement is for device manufacturers to “implement well-defined measures to ensure that certified equipment is not capable of operating with RF-controlling software for which it has not been approved.” Any RF device whose radio parameters can be controlled by software should have security features preventing unauthorized modification to those technical parameters, the proposal said.

More worryingly, an FCC document issued in March suggested that manufacturers should try to prevent loading of software like DD-WRT, one of the most popular open source firmware packages for routers. The “Software Security Requirements” document said that license applicants should have to “Describe in detail how the device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT.”

DD-WRT can change the transmit power of a router. But instead of telling manufacturers to block only that functionality while allowing third-party firmware to run in general, the FCC document makes it sound like the commission wants to ban DD-WRT and similar software altogether.

This led to articles saying the rules “effectively ban Open Source router firmware” and represent “a concerted move to expel the many popular open-source firmware distributions and hardware configurations populating the Wi-Fi router space.”

The FCC kicked off this rulemaking because of interference problems at airports, telecom policy expert and senior VP of Public Knowledge Harold Feld told TechDirt.

“We had problems with illegally modified equipment interfering with terrestrial doppler weather radar (TDWR) at airports,” Feld said. “Naturally the FAA freaked out, and the FCC responded to this actual real world concern.”

The potential problem, Feld said, is that if the FCC writes rules that aren’t crystal clear, “major chip manufacturers will respond by saying ‘the easiest thing for us to do is lock down all the middleware rather than worry about where to draw the line.’”

FCC: Open source won’t be banned

Ars is attempting to schedule an interview with the FCC to explore this issue in more depth. So far, the commission has only told us that “versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF [radio frequency] parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented. We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”

Public comments on the proposal can normally be found at this link, but not right now, as the FCC has taken a number of systems offline until September 8 as it performs a much-needed IT upgrade. After the October 9 deadline to submit initial comments, reply comments can be submitted until November 9.

Assuming the FCC does not intend to prevent installation of any and all third-party firmware, the commission will have to be careful in how it words its final rules. An overbroad ruling could give manufacturers incentive to lock down their hardware to the point where it would be difficult to install third-party software, even if that software doesn’t change radio-frequency parameters.

In the meantime, a Save WiFi campaign was started by free software advocates to encourage people to submit comments to the FCC. One commenter named Wesley Fowler told the FCC that its proposed restrictions “are entirely too broad… Third party firmware provides many bug and security fixes to devices that manufacturers are often slow to fix or have abandoned completely in regards to firmware changes.”

Third-party firmware can also add “different functionality and can allow for devices to be used to fill needs in manners that the manufacturer had never contemplated,” Fowler wrote.

The changes also sparked an e-mail list discussion among developers and users of OpenWRT, another open source firmware. Some worried that the FCC’s changes as described in the Software Security Requirements document would make it impossible for users to install third-party firmware.

Kathy Giori, a senior product manager at Qualcomm Atheros, was confident that manufacturers can lock down the radio frequency settings of devices without locking out all third-party firmware.

“The FCC really only cares about not modifying the power/freq to go outside stated regulatory rules,” Giori wrote on July 28. “So we have to find a way to keep general software updates and reflashing open while limiting any proliferation of binary images that have a means to break regulatory restrictions.”

Promoted Comments

I understand the concern and it is valid. Custom firmware on many routers can boost the power, allow you to select channels that shouldn't be used in the US or still select them when something else using them and you shouldn't use them. Routers interfering with weather radar at an airport is a pretty bad thing. Those radar are used to watch for wind shear events that can crash planes trying to land.

I do agree with the article in that if the easy solution is to just make it hard to install any 3rd party firmware that will likely be the result. Allowing 3rd party firmware but protecting the radio from being improperly configured does seem harder than just signing the firmware and calling it good. Not that signing the firmware will really prevent installing 3rd party firmware. It will just make it more annoying and will meet the FCC requirements.

you can still load DD-WRT. it just won't be able to boost transmiting power if the device allows it

This is the obvious solution, but you've clearly never worked with hardware manufacturers. If the options are "fix the hardware or firmware" or "just don't allow open source software", they'll pick "don't allow open source software" 100% of the time.

Remember that open source software for routers only exists because of GPL violations (WRT-54g) or convenience (ASUS). If allowing this became inconvenient, they would stop allowing it.

It seems that the manufacturers understand the FCC proposal. Not sure where the problem is. If there is any risk of manufacturers closing down their firmware, that will only come from manufacturers that do wish to close down their firmware. Not because of this ruling.

Incidentally, even if they closed their firmware, it wouldn't remain closed for long. Such a move would just spawn another type of "open source". Open architectures are the way to go. Closed ones don't remain closed for long.

Incidentally, even if they closed their firmware, it wouldn't remain closed for long. Such a move would just spawn another type of "open source". Open architectures are the way to go. Closed ones don't remain closed for long.

If it requires a JTAG to flash, it's not going to get very popular.

This is the reason for comment solicitation and comment periods, to get an idea of how the proposed regulations would affect things. I'm glad to see that the FCC's intent differs from the reading of the proposal. I expect they'll make some changes and clarifications.

you can still load DD-WRT. it just won't be able to boost transmiting power if the device allows it

This is the obvious solution, but you've clearly never worked with hardware manufacturers. If the options are "fix the hardware or firmware" or "just don't allow open source software", they'll pick "don't allow open source software" 100% of the time.

Remember that open source software for routers only exists because of GPL violations (WRT-54g) or convenience (ASUS). If allowing this became inconvenient, they would stop allowing it.

It seems that the manufacturers understand the FCC proposal. Not sure where the problem is. If there is any risk of manufacturers closing down their firmware, that will only come from manufacturers that do wish to close down their firmware. Not because of this ruling.

Incidentally, even if they closed their firmware, it wouldn't remain closed for long. Such a move would just spawn another type of "open source". Open architectures are the way to go. Closed ones don't remain closed for long.

This seems entirely reasonable. I get the concern, I remember using DD-WRT on a linksys 54 so I didn't have to buy a "AP". I saw the boost transmit power, but I never touched it. Why? I'm technical. I understand the implications of such a thing. I'm willing to bet a lot of people that flash theirs do as well, but not all, and some will just not care. There is a reason we regulate radio transmissions as we do.

As people point out, I'm more concerned about the lazy fix this will entail of all or nothing.

I understand the concern and it is valid. Custom firmware on many routers can boost the power, allow you to select channels that shouldn't be used in the US or still select them when something else using them and you shouldn't use them. Routers interfering with weather radar at an airport is a pretty bad thing. Those radar are used to watch for wind shear events that can crash planes trying to land.

I do agree with the article in that if the easy solution is to just make it hard to install any 3rd party firmware that will likely be the result. Allowing 3rd party firmware but protecting the radio from being improperly configured does seem harder than just signing the firmware and calling it good. Not that signing the firmware will really prevent installing 3rd party firmware. It will just make it more annoying and will meet the FCC requirements.

Because of how these devices are made, it's likely going to be less of a hassle for manufacturers to just lock out the frequency/Tx power changes than it would be to attempt to block firmware changes altogether, especially if they want to maintain the ability to patch their own firmware. And companies are gonna company. They are going to go the path of least resistance, do what takes the least time and least money so they can continue extracting the most profit. So unless the FCC jumps in and explicitly bans unsigned/open-source firmware, it's safe to say our open-source firmware is safe.

I understand the concern and it is valid. Custom firmware on many routers can boost the power, allow you to select channels that shouldn't be used in the US or still select them when something else using them and you shouldn't use them. Routers interfering with weather radar at an airport is a pretty bad thing. Those radar are used to watch for wind shear events that can crash planes trying to land.

I do agree with the article in that if the easy solution is to just make it hard to install any 3rd party firmware that will likely be the result. Allowing 3rd party firmware but protecting the radio from being improperly configured does seem harder than just signing the firmware and calling it good. Not that signing the firmware will really prevent installing 3rd party firmware. It will just make it more annoying and will meet the FCC requirements.

Part of the problem is that "improper configuration" can actually be proper under some circumstances.

I'd also be VERY worried that the chinese gray market will become more popular, selling spotty radios that will ruin everyone's day even at regular power levels.

Makes a good argument for buying from companies like Asus or Buffalo who load dd-wrt as standard. Mine is till ticking along fine, and I thankfully won't have a need to upgrade for the next 5-6 years.

Honestly though, this is very un-enforcable. Routers are commodity hardware, and it wouldn't be that difficult to get SOCs like soekris, or something cheaper, and rolling your own diy wifi solution with dd-wrt. Not to mention, it would still be possible to order something directly from china through ebay and get it delivered. Or go to craigslist and pick a used router. The cat is already out of the bag, and it has been more than 10 years since we have had opensource firmware that can override the power settings of the antennas. If FCC hopes to make this stick, their best best is to talk to OEMs and make them cripple the hardware. Otherwise, this is going the path of DRM and DVD region locking.

It seems that the manufacturers understand the FCC proposal. Not sure where the problem is. If there is any risk of manufacturers closing down their firmware, that will only come from manufacturers that do wish to close down their firmware. Not because of this ruling.

Incidentally, even if they closed their firmware, it wouldn't remain closed for long. Such a move would just spawn another type of "open source". Open architectures are the way to go. Closed ones don't remain closed for long.

<sarcasm> yes, lets ban open-source firmware that lets us use our own hardware however we want. Then ALL those manufacturers that DD-WRT makes firmware for can stop using the Linux kernel and write their own firmware that doesn't rely on open-source.

Not likely.

In all seriousness though, wasn't there a us court case about this that basically said once we own the hardware, it's ours to do with as we please? (i.e. jailbreaking/rooting smartphones)

<sarcasm> yes, lets ban open-source firmware that lets us use our own hardware however we want. Then ALL those manufacturers that DD-WRT makes firmware for can stop using the Linux kernel and write their own firmware that doesn't rely on open-source.

Not likely.

In all seriousness though, wasn't there a us court case about this that basically said once we own the hardware, it's ours to do with as we please? (i.e. jailbreaking/rooting smartphones)

Sure. But that doesn't mean that,

a. It's legal to actually make certain modifications.b. That the manufacturer has to make easy for you to do so.

The biggest question is whether this is an actual problem, or mostly theoretical? Are there hordes of people causing havoc with their rouge WiFis, or is it a just a few that ever make the change and even fewer that cause any problem whatsoever with that change?

The government shouldn't be involved unless there are real problems. Most of the non-geeks I know aren't really clear on how to change general settings in their router, most don't know what firmware is, and none of them are even aware that it can be changed. Of the geeks I know, and as an IT guy I know quite a few, maybe one has flashed his router.

I repeat, unless there's an actual problem, the government has no reason to fix it. Theoretical problems are just that.

Because of how these devices are made, it's likely going to be less of a hassle for manufacturers to just lock out the frequency/Tx power changes than it would be to attempt to block firmware changes altogether, especially if they want to maintain the ability to patch their own firmware. And companies are gonna company. They are going to go the path of least resistance, do what takes the least time and least money so they can continue extracting the most profit. So unless the FCC jumps in and explicitly bans unsigned/open-source firmware, it's safe to say our open-source firmware is safe.

Edit: Hey, autocorrect... "our" is a word.

Locking out changes may require some support from the chipset and radio vendors. That still leaves a lot of routers out there that can be.

the FCC says making third-party router firmware illegal is not the intention

Just an unfortunate side-effect. Until they FCC changes the wording of their proposal to make it absolutely clear that consumers are still allowed to replace the OEM firmware, I'm going to continue to oppose the proposal. This "clarification" clarifies nothing.

First it's illegal to work on your hardware because you'll be violating the manufacturer's software copyright. Now the FCC wants to make it illegal to replace the manufacturer's copyrighted software with free and open software? Maybe the cable industry couldn't bribe Wheeler, but John Deere et. al. certainly did.

Minor nit, but the article says "The FCC's stated goal is to make sure routers and other devices only operate within their licensed parameters" - WiFi devices are not licensed. They are certified by the FCC to be compliant, but not licensed.

I understand the concern and it is valid. Custom firmware on many routers can boost the power, allow you to select channels that shouldn't be used in the US or still select them when something else using them and you shouldn't use them. Routers interfering with weather radar at an airport is a pretty bad thing. Those radar are used to watch for wind shear events that can crash planes trying to land.

I do agree with the article in that if the easy solution is to just make it hard to install any 3rd party firmware that will likely be the result. Allowing 3rd party firmware but protecting the radio from being improperly configured does seem harder than just signing the firmware and calling it good. Not that signing the firmware will really prevent installing 3rd party firmware. It will just make it more annoying and will meet the FCC requirements.

Yes, custom firmware on some routers can allow you to boost the power.

How much of a problem is this, really? I have a 400 foot driveway and my neighbor is across the street from that, so maybe 425 feet away. If I boosted power and get coverage throughout my entire house it wouldn't bother my neighbor one bit. If I lived in an apartment I can see the issue, but really how many people are complaining to the FCC that they can pick up their neighbor's WiFi? If you live in an apartment chances are you can pick up your neighbor's legal WiFi.

I understand the concern and it is valid. Custom firmware on many routers can boost the power, allow you to select channels that shouldn't be used in the US or still select them when something else using them and you shouldn't use them. Routers interfering with weather radar at an airport is a pretty bad thing. Those radar are used to watch for wind shear events that can crash planes trying to land.

I do agree with the article in that if the easy solution is to just make it hard to install any 3rd party firmware that will likely be the result. Allowing 3rd party firmware but protecting the radio from being improperly configured does seem harder than just signing the firmware and calling it good. Not that signing the firmware will really prevent installing 3rd party firmware. It will just make it more annoying and will meet the FCC requirements.

Part of the problem is that "improper configuration" can actually be proper under some circumstances.

I'd also be VERY worried that the chinese gray market will become more popular, selling spotty radios that will ruin everyone's day even at regular power levels.

Yup and that is why I don't think they will do it in hardware. It's much more efficient to sell a single router world wide and use firmware to only allow it to operate on the channels allowed in that country than it is to have different hardware for each different variation required. Even if they did make a US specific version it doesn't completely eliminate the issue with channels that are required to use DFS and a third party firmware might not implement that.

<sarcasm> yes, lets ban open-source firmware that lets us use our own hardware however we want. Then ALL those manufacturers that DD-WRT makes firmware for can stop using the Linux kernel and write their own firmware that doesn't rely on open-source.

Not likely.

In all seriousness though, wasn't there a us court case about this that basically said once we own the hardware, it's ours to do with as we please? (i.e. jailbreaking/rooting smartphones)

First of all, just because the firmware is DD-WRT doesn't mean the consumer can change it. It could be burned into ROM soldered on the board with no way to change it short of physically replacing the chip.

After reading up on the TDWR problem from other sources, it seems the issue is only a few specific channels in the 5ghz spectrum used by AC routers. It's not a matter of transmit power at all. it's a matter of frequency interference.

A solution to the TDWR issue was implemented - DFS. The problem is that most AC routers and AP's that have DFS functionality allow for user-selectable modes of operation on those channels. NO DFS, DFS without Radar Scanning, and DFS with Radar Scanning. Apparently, even newer Meraki and Cisco AP's come set by default to DFS without scanning, which causes problems with the TDWR system (especially in hotels located near airports).

All the FCC really needs to do is say, if you're going to manufacture devices using these channels, you must have dfs with radar scanning enabled - no alternatives. The open-source firmware community tends to follow a decent pattern of obeying those rules as well, especially in the case of DD-WRT, because their firmware comes resold on some commercial products sold in the US.

Incidentally, even if they closed their firmware, it wouldn't remain closed for long. Such a move would just spawn another type of "open source". Open architectures are the way to go. Closed ones don't remain closed for long.

If it requires a JTAG to flash, it's not going to get very popular.

This is the reason for comment solicitation and comment periods, to get an idea of how the proposed regulations would affect things. I'm glad to see that the FCC's intent differs from the reading of the proposal. I expect they'll make some changes and clarifications.

No, it just means the price of routers on eBay will skyrocket...and those who know how to do JTAG flashing will be raking it in...

license applicants should have to “Describe in detail how the device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT.”

What's murky about that requirement? I'm glad Ars is calling attention to potential blunt regulatory overreach and I hope that the FCC will reconsider their position as a result. But, I'm puzzled why the headline implies the FCC doesn't hold a position that is in fact very specific and clear.

As a lawyer once told me - it doesn't matter what a regulator says, it matters what they write.

This seems entirely reasonable. I get the concern, I remember using DD-WRT on a linksys 54 so I didn't have to buy a "AP". I saw the boost transmit power, but I never touched it. Why? I'm technical. I understand the implications of such a thing. I'm willing to bet a lot of people that flash theirs do as well, but not all, and some will just not care. There is a reason we regulate radio transmissions as we do.

As people point out, I'm more concerned about the lazy fix this will entail of all or nothing.

Edit: English is hard.

I believe the default is higher than it "ought to be" though too.

I've used DD-WRT as a repeater...because all the commercial ones I tried were expensive and didn't work right (would swap in THEIR MAC-address for DHCP and cause other issues roaming). I discovered that I could substantially boost performance by REDUCING the transmit power from the DD-WRT default. Instead of 71, somewhere in the 40-60 range yielded the best "range to reliability" ratio.

There are also legit reasons to boost power...if you're using longer coax running to a roof or outdoor antenna, for example.